[PR] fix(http): apply auth check to builtin requests on public port (brpc)

Sun, 24 May 2026 01:45:29 -0700 


wwbmmm opened a new pull request, #3308:
URL: https://github.com/apache/brpc/pull/3308

   ### What problem does this PR solve?
   
   Issue Number: resolve 
   
   Problem Summary:
   
   When `ServerOptions.auth` is enabled, builtin HTTP requests received from 
the public listening port are currently handled differently from other public 
HTTP requests. This makes auth behavior inconsistent between builtin endpoints 
and regular service endpoints, especially when builtin services and business 
services share the same listener.
   
   This PR makes auth handling more consistent by distinguishing requests 
coming from `internal_port` from requests coming from the public server port.
   
   ### What is changed and the side effects?
   
   Changed:
   
   - Update HTTP request verification logic so builtin requests received from 
the public server port also go through auth when `ServerOptions.auth` is 
enabled.
   - Keep the existing behavior for builtin requests received from 
`internal_port`, which continue to bypass auth as before.
   
   Side effects:
   - Public builtin HTTP endpoints now follow the same auth policy as other 
public HTTP endpoints when auth is enabled.
   
   - Performance effects:
     - Negligible. The change only adds auth verification for builtin HTTP 
requests received from the public port.
   
   - Breaking backward compatibility: 
     - There is a behavior change for deployments that expose builtin HTTP 
services on the public server port while enabling `ServerOptions.auth`: 
unauthenticated access to those builtin endpoints will now be rejected.
   
   ---
   ### Check List:
   - Please make sure your changes are compilable.
   - When providing us with a new feature, it is best to add related tests.
   - Please follow [Contributor Covenant Code of 
Conduct](https://github.com/apache/brpc/blob/master/CODE_OF_CONDUCT.md).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to